Launchpad.net

CVE 2019-17223

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.

See the CVE page on Mitre.org for more details.